[sflack-security] bind (SFSA:2007-026-01)
In according to slackware-security a new bind packages,
are available for Sflack 11.0, to fix denial of service security issues.
Versions of bind-9.2.x older than bind-9.2.8, and versions of bind-9.3.x
older than 9.3.4 can be made to crash with malformed local or remote data.
More details about the issues may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0493
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0494
Here are the details from the Sflack 11.0 ChangeLog:
+--------------------------+
2007-01-27 patches/packages/bind-9.3.4-x86_64-1_sflack11.0.tgz:
* Upgraded to bind-9.3.4. This update fixes two denial of service
vulnerabilities where an attacker could crash the name server with
specially crafted malformed data.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0493
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0494
(* Security fix *)
+--------------------------+
Sflack Linux Security Team
http://sflack.com/gpg-key
security a sflack.com
Correlati
